IDS Alarms Investigation with Limited Resources
Authors
Abstract
Similar resources
A Lightweight Intrusion Detection System Based on Specifications to Improve Security in Wireless Sensor Networks
Due to the prevalence of Wireless Sensor Networks (WSNs) in the many mission-critical applications such as military areas, security has been considered as one of the essential parameters in Quality of Service (QoS), and Intrusion Detection System (IDS) is considered as a fundamental requirement for security in these networks. This paper presents a lightweight Intrusion Detection System to prote...
On the Effectiveness of Target Configuration as Contextual Information for IDS Alarm Classification
Signature-based Intrusion Detection Systems (IDS) are known to generate many noncritical alarms (alarms not related to a successful attack). A large number of alarms makes the job of security officers tedious and difficult. Adding contextual information to IDS is a promising avenue to reduce the number of noncritical alarms delivered to the security officers. In the last few years, several appr...
Investigating the problem of IDS false alarms: An experimental study using Snort
IDS can play a vital role in the overall security infrastructure, as one last defence against attacks after secure network architecture design, secure program design and firewalls [1]. Although IDS technology has become an essential part of corporate network architecture, the art of detecting intrusions is still far from perfect. A significant problem is that of false alarms, which correspond t...
Attack Graphs for Sensor Placement, Alert Prioritization, and Attack Response
We describe the optimal placement of intrusion detection system (IDS) sensors and prioritization of IDS alarms, using attack graph analysis. Our attack graphs predict the various possible ways of penetrating a network to reach critical assets. In particular, automated analysis of network configuration and attacker exploits provides an attack graph showing all possible paths to critical assets. ...
Specification-Based Testing of Intrusion Detection Systems
An Intrusion Detection System (IDS) protects computer networks against attacks and intrusions, in combination with firewalls and anti-virus systems. An IDS is therefore a crucial element of a network security posture. One class of IDS is called signature-based network IDSs as they monitor network traffic, looking for evidence of malicious behavior as specified in attack descriptions (referred t...